hatter/tiny-encrypt-rs
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: v1.5.1, secure enclave key can store in keychain or not

Browse Source
This commit is contained in:
Hatter Jiang
2023-12-14 23:47:27 +08:00
parent 5bdc4c69e6
commit 9de9af0cde
4 changed files with 18 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/cmd_initkeychain.rs
View File

@@ -13,6 +13,9 @@ pub struct CmdInitKeychain {
/// Secure Enclave
#[arg(long, short = 'S')]
pub secure_enclave: bool,
/// Expose secure enclave private key data
#[arg(long, short = 'E')]
pub expose_secure_enclave_private_key: bool,
// /// Keychain name, or default
// #[arg(long, short = 'c')]
// pub keychain_name: Option<String>,
@@ -45,20 +48,24 @@ pub fn keychain_key_se(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
let service_name = cmd_init_keychain.server_name.as_deref().unwrap_or(DEFAULT_SERVICE_NAME);
let key_name = &cmd_init_keychain.key_name;
let keychain_key = KeychainKey::from("", service_name, key_name);
let (public_key_hex, private_key_base64) = util_keychainkey::generate_se_p256_keypair()?;
let public_key_compressed_hex = public_key_hex.chars()
.skip(2).take(public_key_hex.len() / 2 - 1).collect::<String>();
keychain_key.set_password(private_key_base64.as_bytes())?;
let saved_arg0 = if cmd_init_keychain.expose_secure_enclave_private_key {
private_key_base64
} else {
let keychain_key = KeychainKey::from_default_keychain(service_name, key_name);
keychain_key.set_password(private_key_base64.as_bytes())?;
keychain_key.to_str()
};
let config_envelop = TinyEncryptConfigEnvelop {
r#type: TinyEncryptEnvelopType::KeyP256,
sid: Some(cmd_init_keychain.key_name.clone()),
kid: format!("keychain:02{}", &public_key_compressed_hex),
desc: Some("Keychain Secure Enclave".to_string()),
args: Some(vec![keychain_key.to_str()]),
args: Some(vec![saved_arg0]),
public_part: public_key_hex,
};
@@ -70,7 +77,7 @@ pub fn keychain_key_se(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
pub fn keychain_key_static(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
let service_name = cmd_init_keychain.server_name.as_deref().unwrap_or(DEFAULT_SERVICE_NAME);
let key_name = &cmd_init_keychain.key_name;
let keychain_key = KeychainKey::from("", service_name, key_name);
let keychain_key = KeychainKey::from_default_keychain(service_name, key_name);
let public_key = match keychain_key.get_password()? {
Some(static_x25519) => {

4
src/util_keychainstatic.rs
View File

@@ -69,6 +69,10 @@ impl X25519StaticSecret {
}
impl KeychainKey {
pub fn from_default_keychain(service_name: &str, key_name: &str) -> Self {
Self::from("", service_name, key_name)
}
pub fn from(keychain_name: &str, service_name: &str, key_name: &str) -> Self {
Self {
keychain_name: keychain_name.to_string(),